Mitel Product Security Advisory 20-0008

Mitel MiCollab Multiple Security Vulnerabilities

Advisory ID: 20-0008

Publish Date: 2020-06-25

Last Updated: 2020-06-25

Revision: 1.0

Summary

The SAS portal of Mitel MiCollab could allow an attacker to access user data by performing a header injection in HTTP responses due to the improper handling of input parameters. A successful exploit could allow an attacker to access user information.

The Mitel MiCollab iOS application could allow an unauthorized user to access restricted files and folders due to insufficient access control. An exploit requires a rooted iOS device and, if successful, could allow an attacker to gain access to sensitive information.

These vulnerabilities were privately reported.

Mitel recommends that customers with affected product versions update to the latest release.

Affected Products

Product Name | Product Version | Security Bulletin | Last Updated
MiCollab | MiCollab 9.1.2.x and earlier | 20-0008-001 | 2020-06-25
MiCollab iOS application | MiCollab iOS version 9.1.313 and earlier | 20-0008-002 | 2020-06-25

Risk Assessment

The risk for this vulnerability is rated as Medium. Refer to the product Security Bulletins for additional statements regarding risk.

Mitigation / Recommended Action

Mitel has issued new releases of the affected software. Customers are advised to update their software to the latest versions.

Customers are advised to review the product Security Bulletin. For additional information, contact Product Support.

External References

N/A

Related CVEs / CWEs / Advisories

CVE-2020-13863

CVE-2020-13767

Revision History

Version | Date | Description
1.0 | 2020-06-25 | Initial version
